| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| Exploit for CVE-2026-6741 | 26 May 202606:10 | – | githubexploit | |
| CVE-2026-6741 | 27 Apr 202619:36 | – | attackerkb | |
| CVE-2026-6741 | 27 Apr 202621:00 | – | circl | |
| WordPress plugin LatePoint 安全漏洞 | 27 Apr 202600:00 | – | cnnvd | |
| CVE-2026-6741 LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability | 27 Apr 202619:36 | – | cvelist | |
| EUVD-2026-25910 | 27 Apr 202619:36 | – | euvd | |
| CVE-2026-6741 | 27 Apr 202620:16 | – | nvd | |
| WordPress LatePoint plugin <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability | 27 Apr 202610:42 | – | patchstack | |
| PT-2026-35519 | 27 Apr 202600:00 | – | ptsecurity | |
| CVE-2026-6741 | 5 Jun 202619:17 | – | redhatcve |
[
{
"vendor": "latepoint",
"product": "LatePoint – Calendar Booking Plugin for Appointments and Events",
"versions": [
{
"version": "0",
"status": "affected",
"lessThanOrEqual": "5.4.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| customer_id | request body | /wp-json/wp/v2/abilities/latepoint/connect-customer-to-wp-user | Privileged target binding: agent links a customer to a WordPress user without verifying target's role, enabling privilege escalation | CWE-269 |
| wp_user_id | request body | /wp-json/wp/v2/abilities/latepoint/connect-customer-to-wp-user | Privileged target binding: agent links a customer to a WordPress user without verifying target's role, enabling privilege escalation | CWE-269 |
| password_reset_token | path | /?latepoint_route=customer_cabinet%2Fchange_password | LatePoint password reset flow can trigger update_password leading to admin password change when token is valid | CWE-269 |
| password | path | /?latepoint_route=customer_cabinet%2Fchange_password | LatePoint password reset flow can trigger update_password leading to admin password change when token is valid | CWE-269 |
| password_confirmation | path | /?latepoint_route=customer_cabinet%2Fchange_password | LatePoint password reset flow can trigger update_password leading to admin password change when token is valid | CWE-269 |
| action | query param | /wp-admin/admin-ajax.php?action=rest-nonce | Nonce retrieval for REST API access; can be used in conjunction with privilege escalation flow | CWE-269 |
| rest-nonce | query param | /wp-admin/admin-ajax.php?action=rest-nonce | Nonce retrieval for REST API access; can be used in conjunction with privilege escalation flow | CWE-269 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation